To: ietf-provreg@cafax.se
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Wed, 27 Feb 2002 15:48:17 -0500
Sender: owner-ietf-provreg@cafax.se
Subject: Mapping IP Addresses to Geographic Location

host-by-addr (an instance of object-by-attribute) raises two issues:

  o existence and relevancy of object-by-attribute mechanism, a general question of specification scope, and data specification, and

  o reverse lookup, mapping ip addresses to geographic location, a specific question of relevance where locality of reference is not casual.

Scott Hollenbeck has responded to the first issue, I agree with Scott.

About 18 months ago, the W3C's Technology and Society Domain's Privacy Activity's, P3P Project's Specification Working Group (P3P Spec WG) hit on the problem of reverse lookup -- mapping addresses to locations.

I happen to know this fairly well as it came down to two positions: the first, articulated by Martin Presler-Marshall of IBM, was that a /24 (old Class C) mask on ip addresses captured by data collectors was sufficient to provide a reasonable degree of privacy. The second was that RIR and LIR masks were trivially accessible, that looking beyond the ISP to the end-point (or /24 of theoretically simultaneous active dhcp end-points) was intrusive on the ISP's business model, in addition to the end-user expectation of privacy (from provider/location/timeofday/demographic based profiling).

I articulated the second view, working at the time to enable statistical, not deterministic, profiling, and avoid "over-capture".

Martin's point of view prevailed, /24 is in the P3P spec, not /<bits>.

Other data points (pun intended)

Akamai's address space data base (EdgeScape db) provides, for an IP address (effectively a CIDR block):

  Country, State (US), City, Phone Area Code, Country, Latitude, Longitude, Time Zone, Network Type (Dialup/DSL/Cable)
  DMA: Designated Marketing Areas
  MSA: Metropolitan Statistical Areas
  PMSA: Primary Metropolitan Statistical Areas

  see: http://www.akamai.com/en/html/services/ct_how_it_works.html

Quova's address space data base provides more or less the same thing.

  see: http://www.quova.com/service.htm

They're not alone, I'm just not interested in calling an analyst for a competitive analysis summary off of someone's SEC filings.

Having written portions of NeuStar's .US proposal, and having done all of the research prior to November on the transition, I sympathize with the incumbent operator.

However, adding reverse lookup in any guise to EPP is asking for trouble.

There are registry operators who sell bulk registrant data (to SPAMers).
There are registrars who sell bulk registrant data (to SPAMers).
There are whois "miners" who sell bulk registrant data (to ... SPAMers).

This isn't a feature to add to the protocol core without due reflection. Inverting nameserver addresses (EPP hosts) to registrar and/or registrant identities meets no obvious need, except in amazingly bad edge cases like the .US TLD. It sets a precedent for other forms of object-by-attribute, which get bad really quick, and it is subject to misuse by design.

This is one of those places where locality of reference is not casual -- in fact, the whole .US is currently laid out (and squatted upon) along locality lines.

Mechanism cannot correct for a policy of laissez faire (par la lachete).

Eric